Access to databases is usually controlled by database servers. In client/server environments, database servers usually contain a database management system (DBMS), as well as the database. The database server may provide access to a client application through a database driver using a security mechanism. Many different security mechanisms are in use, including those using user IDs and passwords, encrypted passwords, KERBEROS, and others. Database servers typically require a configuration setting that decides what security mechanisms are supported under that configuration setting.
When a high level of security is desired, database server security mechanisms may use encryption. Encryption is an effective means to protect the secrecy of many types of communications. Normally, cryptographic solutions rely upon computationally intensive algorithms to encrypt information. Faster processors and specialized hardware have made these techniques susceptible to compromise, forcing more complex encryption algorithms to be invented in order to ensure security. When a DBMS uses encryption to protect data security, both the DBMS and the database driver need to support these newly available encryption algorithms. Supporting these new encryption algorithms can be a challenge because of the need to add the current and future available encryption algorithms easily and, at the same time, to not break the existing encryption support for the down level DBMS.
One approach to encryption configuration is to add a property for each encryption algorithm so that when an application wants to use a specific encryption algorithm, that property just needs to be turned on. Unfortunately, the application does not really know what encryption algorithm the server supports until connection time, so the encryption algorithm the application turns on may not be supported by the database. Furthermore, as more and more encryption algorithms become available, it is impractical to add a property for every encryption algorithm, without negatively impacting performance.
Accordingly, there is a need for systems and methods for providing secure access to databases by an application. There is also a need for techniques that would provide such access by automatically configuring encryption algorithms in an environment of multiple encryption algorithms. There is also a need for ways to provide encryption algorithm configuration, which can add the current and future available encryption algorithms easily, does not negatively impact performance, and also does not break the existing encryption support for the down level (legacy) DBMS.